检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
出 处:《微计算机信息》2011年第9期175-178,共4页Control & Automation
摘 要:本文提出的改进S/KEY身份认证协议,使用随机数与机密信息进行异或运算,屏蔽重要信息防止机密泄露,实现了用户和服务器间的相互认证,认证服务器的计算负载并没有增加。本方案克服了传统S/KEY一次性口令认证方案不能抵抗重放攻击,小数攻击,冒充攻击,中间人攻击安全漏洞,有效地防止了连接劫持、协议破坏攻击等攻击手段,显著地增强了应用系统的安全性。This paper proposes a new improved S/KEY protocol.As is described in my authentication scheme that the random number XORed by the confidential information prevents confidential information from disclosure,and a mutual authentication between the user and the server is effectively carried out,but which do not increase the overhead of authentication server.The new S/KEY solution can not only overcome the vulnerabilities of security that the traditional S/KEY one-time password protocol will not help the server to resist the replay attacks,small integer attacks,personate attacks and man-in-middle attacks,but also effectively prevent the server from connection hijacking,protocal-broken and other attacks,so the improved S/KEY protocol significantly enhances the security level of application system.
分 类 号:TP393.108[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.222
